Re: New to SMS - have a Collections question.

---

• From: dbouton@xxxxxxxx
• Date: 8 Nov 2006 11:24:07 -0800

---

Kim Oppalfens <MVP> wrote:

Have you tried making the users a member of the distributed com users group
on the server?

--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System SMS - MVP


<dbouton@xxxxxxxx> wrote in message
news:1162837145.701115.248950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thanks Steve but the DCOM permissions were set properly. So far the
only way I have been able to get this to work is making the user a
local admin of both the SMS server and the server the database is on.
However this is a security problem. Still trying though but haven't
come up with anything more restictive that works. Any other ideas?

Dawn

Steve Thompson wrote:

You probably need to adjust the DCOM permissions on your server, see the
last FAQ on this page:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq02.mspx

Steve
<dbouton@xxxxxxxx> wrote in message
news:1162411235.716668.132440@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thank you so much - it makes sense now and I set it up accordingly.
I'm on to problem number two now and have tried almost all the
suggestions I could find. I loaded the SMS Admin Console on the
computer these techs will be using. They do not have domain admin
privileges but they do have local admin priviliges. They are unable to
connect to the site. I connect fine as Domain Admin on the same
machine. I tried making them a member of DCOM Users and even SMS
Admins to test but no luck. I do not want them to be a local admin on
the SMS server. Our database resides on a seperate server. I'm sure
it's a rights problem but I'm not sure where or how to fix it and not
comprimise the security of the servers. Any ideas?

Thank you for your help.
Dawn

Bernie Kilshaw wrote:

Dawn,

SMS security is a bit different from normal Windows security.

Access to objects is based on Security Rights (if you scroll down the
list
of objects in the Console you'll find Security Rights there.)

You can assign rights to a Class (ie All Collections / Queries /
Packages
etc) or to an Instance (ie a specific Collection / Query / PAckage).

It sounds as if you've set Class Rights rather than Instanace Rights
for
what you're trying to achieve.

If you select Security Rights -- > Right Click --> New --> Instance
you
should be able to get where you want to.

HTH

Bernie
<dbouton@xxxxxxxx> wrote in message
news:1162391162.533211.318300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I am new to SMS - trying to learn it after someone else installed it.
I believe it is a typical install. There is only one site database
and
below that I see the Site Hierarchy, Collections, Packages etc.
Under
Collections is a lot of "sub collections". I tried creating a
"sub-collection" called tech for our techs to be able to use remote
tools to access and fix computers on our network. I added the
workstations in I wanted them to have access to. However I want to
exclude them from servers and administrative computers which are in
a
different "sub-collection". I also want to limit other functions.
However if I set the security on "Collections" or their
"sub-collection" it gives them rights to everything under
"Collections"
including the administrative machines and servers. I'm not sure
where
to go from here. Do I have to create a whole new CollectionsB say
under Site Database. If so how do you do this. I have been reading
the manual and am confused. I think because I was not part of the
install from the beginning. Any help is appreciated.

Dawn

.

---

• References:
  • New to SMS - have a Collections question.
    • From: dbouton
  • Re: New to SMS - have a Collections question.
    • From: Bernie Kilshaw
  • Re: New to SMS - have a Collections question.
    • From: dbouton
  • Re: New to SMS - have a Collections question.
    • From: Steve Thompson
  • Re: New to SMS - have a Collections question.
    • From: dbouton

• Prev by Date: Re: Client install using a GPO
• Next by Date: SMS Collection Inquiry
• Previous by thread: Re: New to SMS - have a Collections question.
• Next by thread: Re: Support for Workgroup clients
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: New to SMS - have a Collections question. ... local admin of both the SMS server and the server the database is on. ... However this is a security problem. ... Access to objects is based on Security Rights (if you scroll down the ... (microsoft.public.sms.admin) Re: Problem sending emails ... you may want to review the security you've put into place and undo it to see ... The 5.7.1 event you're seeing is usually a permissions related issue on the ... SMTP virtual server. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.exchange.connectivity) Re: Setting Site System Connection Account disabled ... the sms is installed in advance security mode. ... But i still have the problem with the distribution point on other server. ... VDABDC002$ account on other server), still the sms says access to the remote ... (microsoft.public.sms.admin) Re: Running a program from a network share ... allwoed to run this assembly or is it SMS not able to locate the assembly? ... This posting is provided "AS IS" with no warranties, and confers no rights. ... >> from a network share. ... >>> server and configure my package to run from this location my install ... (microsoft.public.sms.swdist) Re: Post Windows 2003 Update Errors ... > down to a member server later). ... > Everything appears to be fine following the upgrade except that the SMS ... > or local security authority server was in the wrong state to perform ... (microsoft.public.sms.setup)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)